[PATCH net-next v3 3/4] netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port()
From: HACKE-RC
Date: Sun May 03 2026 - 04:34:36 EST
Replace simple_strtoul() with the new nf_ct_helper_parse_port() helper.
This removes the dependency on NUL-terminated strings and adds an
explicit port range check, rejecting port 0 and values above 65535.
Fixes: 16958900578b ("netfilter: nf_conntrack_amanda: the match is called 'amanda', not 'AMANDA'")
Signed-off-by: HACKE-RC <rc@xxxxxxxxx>
---
net/netfilter/nf_conntrack_amanda.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index d2c09e8dd..30b5c4b84 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -88,11 +88,12 @@ static int amanda_help(struct sk_buff *skb,
struct nf_conntrack_expect *exp;
struct nf_conntrack_tuple *tuple;
unsigned int dataoff, start, stop, off, i;
+ nf_nat_amanda_hook_fn *nf_nat_amanda;
char pbuf[sizeof("65535")], *tmp;
+ int ret = NF_ACCEPT;
u_int16_t len;
+ u16 parsed_port;
__be16 port;
- int ret = NF_ACCEPT;
- nf_nat_amanda_hook_fn *nf_nat_amanda;
/* Only look at packets from the Amanda server */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL)
@@ -132,10 +133,10 @@ static int amanda_help(struct sk_buff *skb,
break;
pbuf[len] = '\0';
- port = htons(simple_strtoul(pbuf, &tmp, 10));
- len = tmp - pbuf;
- if (port == 0 || len > 5)
+ if (nf_ct_helper_parse_port(pbuf, len, &parsed_port, &tmp))
break;
+ port = htons(parsed_port);
+ len = tmp - pbuf;
exp = nf_ct_expect_alloc(ct);
if (exp == NULL) {
--
2.54.0